The Mutiny Fuzzing Framework is a network fuzzer that operates by replaying PCAPs through a mutational fuzzer.
The goal is to begin network fuzzing as quickly as possible, at the expense of being thorough.
The general workflow for Mutiny is to take a sample of legitimate traffic, such as a browser request, and feed it into a prep script to generate a .fuzzer file. Then, Mutiny can be run with this .fuzzer file to generate traffic against a target host, mutating whichever packets the user would like.
There are extensions that allow changing how Mutiny behaves, including changing messages based on input/output, changing how Mutiny responds to network errors, and monitoring the target in a separate thread.
Mutiny uses Radamsa to perform mutations.
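To illustrate the first step of the workflow described above (turning a capture of legitimate traffic into an ordered list of messages that can be replayed and mutated), here is an added example that is not Mutiny's own code. It parses a classic pcap with only the standard library; the function names, the `outbound`/`inbound` labels and the sample capture are assumptions constructed for this example.

```python
import struct

def tcp_frame(src, dst, sport, dport, payload, pad=b""):
    """Constructed Ethernet/IPv4/TCP frame for the sample (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload + pad

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file (linktype 1 = Ethernet)."""
    recs = [struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames)]
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(recs)

def extract_messages(pcap):
    """Return [(direction, payload)] for one TCP conversation, in capture order."""
    # Assumes the first data sender is the client and no retransmissions/reordering.
    magic, linktype = struct.unpack_from("<I16xI", pcap)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian Ethernet pcap")
    msgs, client, off = [], None, 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4/TCP
        tcp_off = 14 + (frame[14] & 0x0F) * 4
        if len(frame) < tcp_off + 20:
            continue  # truncated TCP header
        total = struct.unpack_from("!H", frame, 16)[0]
        data_off = tcp_off + (frame[tcp_off + 12] >> 4) * 4
        payload = frame[data_off:14 + total]  # IP total length excludes Ethernet padding
        if not payload:
            continue  # bare ACK/SYN/FIN carries no application data
        src = (frame[26:30], frame[tcp_off:tcp_off + 2])
        client = client or src
        direction = "outbound" if src == client else "inbound"  # illustrative labels
        if msgs and msgs[-1][0] == direction:  # same sender again: extend the message
            payload = msgs.pop()[1] + payload
        msgs.append((direction, payload))
    return msgs

C, S = (10, 0, 0, 1), (10, 0, 0, 2)  # constructed sample endpoints
SAMPLE = build_pcap([
    tcp_frame(C, S, 40000, 80, b"GET / HTTP/1.1\r\n"),
    tcp_frame(C, S, 40000, 80, b"Host: example\r\n\r\n"),
    tcp_frame(S, C, 80, 40000, b"", pad=b"\x00" * 6),  # empty segment padded to 60 bytes
    tcp_frame(S, C, 80, 40000, b"HTTP/1.1 200 OK\r\n\r\n"),
])
```

Calling `extract_messages(SAMPLE)` yields one outbound message (the two client segments joined) followed by one inbound message; the padded empty segment contributes nothing because the payload is bounded by the IP total length rather than the frame length.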
The Decept Proxy is a multi-purpose network proxy that can forward traffic from a plaintext or TLS TCP/UDP/domain socket connection to a plaintext or TLS TCP/UDP/domain socket connection, among other features. It makes a good companion for Mutiny: it can generate .fuzzer files directly, which is particularly helpful when fuzzing TLS connections, and it allows Mutiny to communicate with TLS hosts.
What makes Decept Proxy different from the various other proxies?
- It supports TLS endpoints, IPv6, Unix Sockets, abstract namespace sockets, L3 protocols/captures, and L2 bridging and passive modes.
- It can perform SSH proxying/sniffing/filtering.
- It was created with portability in mind and only uses standard Python libraries. As long as the system you’re going to run Decept Proxy on has Python 2 installed, it should be good to go.
Decept is based off of the TCP proxy.py from Black Hat Python by Justin Seitz.
- Ensure Python and Scapy are installed.
- Untar Radamsa and run make. (You do not have to make install, unless you want it in /usr/bin – it will use the local Radamsa.)
- Update mutiny.py with the path to Radamsa if you changed it.
- Save the pcap into a folder. Run the prep script on <XYZ>.pcap (optionally also passing the directory of a custom processor, if any; more below). Answer the questions, and you end up with a <XYZ>.fuzzer file in the same folder as the pcap.
- Run mutiny.py <XYZ>.fuzzer <targetIP>. This will start fuzzing. Logs will be saved in the same folder, under directory